CVE-2017-2217

Опубликовано: 07 июл. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Ссылки

https://jvn.jp/en/jp/JVN79738260/index.html
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/1650075/
Issue Tracking
Patch
Vendor Advisory
https://wordpress.org/plugins/download-manager/#developers
Patch
Vendor Advisory
https://jvn.jp/en/jp/JVN79738260/index.html
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/1650075/
Issue Tracking
Patch
Vendor Advisory
https://wordpress.org/plugins/download-manager/#developers
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:w3eden:download_manager:*:*:*:*:*:wordpress:*:*

Версия до 2.9.50 (включая)

EPSS

Процентиль: 57%

0.00356

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-xrg2-49wj-f33v